A certificate, as used here, is an electronic-signature certificate issued by a certificate authority. It is essential in various fields, for example online certificate issuance, electronic commerce, online stock trading, and internet banking. Recently, as financial transactions on smart phones have increased, the use of certificates on smart phones has increased as well.
In the existing PC (Personal Computer) environment, the certificate is stored on a hard disk, portable disk, smart phone, storage token, security token, etc. When certificate authentication is required for an internet financial transaction, a digital signature is generated using the stored certificate (for example, the one on the hard disk) and a certification server verifies it.
However, when a certificate is stored on a hard disk or portable disk, a hacking program can easily copy the certificate, which is stored as a file in a folder, and can easily detect the certificate's password by monitoring the PC. As a result, bank fraud caused by hacking occurs frequently. Since a portable disk is exposed to hacking only while it is connected to the PC, it may be regarded as safer than a hard disk. However, a portable disk is easily lost, so the possibility of certificate leakage is high. When the certificate is stored in a smart phone or storage token, it is not stored as a file. However, because the digital signature for certificate authentication must be performed on the PC, the private key of the certificate may be exposed in the PC's memory, and so the possibility of hacking still exists.
Therefore, the safest option is the security token, which stores the certificate in a security chip and performs the digital signature inside that chip. The KISA (Korea Internet & Security Agency) also recommends the use of the security token. However, the existing security token can be driven only in a PC environment. Thus, there is still the problem that the existing security token cannot be used with a smart phone.
In the existing smart phone environment, by comparison, a certificate issued on the PC is copied to the smart phone and stored as a file in a folder. Various applications then use the certificate in common. Alternatively, each application stores the certificate in its own storage space and uses it from there.
In this case, however, the certificate stored in the smart phone can be exposed to hacking, just like a certificate on the hard disk in the PC environment. Similarly, as with the portable disk, the certificate can be exposed through loss of the smart phone.
Therefore, there is a demand for a new scheme in which the security token can be used even with a smart phone. In particular, there is a demand for a new scheme in which the security token can be used securely and conveniently in both the PC environment and the smart phone environment.
Meanwhile, the KISA (Korea Internet & Security Agency) has recently been working on a certificate cryptosystem upgrade project. The object of this project is to improve the stability of the electronic signature algorithm by raising the length of the private key from 1024 bits to 2048 bits.
At present, certificate authentication systems use the RSA (Rivest Shamir Adleman) algorithm as the electronic signature algorithm. If the RSA algorithm is upgraded from 1024-bit to 2048-bit, its operations theoretically take about four times as long or more. Specifically, generating a 1024-bit private key and public key pair in a current smart card chip usually takes 2 to 3 seconds and in some cases more than 6 seconds. If the cryptosystem is upgraded from 1024-bit to 2048-bit, generating a 2048-bit private key and public key pair in the current smart card chip usually takes 20 to 30 seconds and in some cases more than 60 seconds.
Therefore, when a 2048-bit certificate is issued using the security token, the user may be inconvenienced, since the issuing process may take more than one minute. Hence, the KISA wants to reduce the time to generate a 2048-bit private key and public key pair in the security token to within a few seconds, but no technology meeting this requirement has yet been suggested.
Hence, there is a demand for a new scheme in which the security token can efficiently generate the private key and public key pair using NFC in a smart phone environment.